MalScore
100/100
MalFamily
Ispy

oparaaaboyooo.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 286.00 KB (292864 bytes)
Compile time: 2017-06-16 16:02:18
MD5: 77c9bff32e8616900fd367582f75575c
SHA1: 523a1f2a0c0474a53698405477641e8b6adbeec2
SHA256: a337568384aac503a62c64627f1bda50552600a523351c273033c764e0a88aef
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-26 22:30:04
Last submission: 2018-03-26 22:30:04
Filename detected: - oparaaaboyooo.exe (1)
URL file hosting
hXXp://emifile.com/frak/boy/oparaaaboyooo.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-26 13:21:36 [13/64] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x46ba4 289792 f881442e0c89f05ccea5675b09c7bab8 daf81f740bfb4a71426086e793c11ae5b40b401a
.rsrc 0x4a000 0x628 2048 2e83eca2c046ec5b7e2618f12a31d241 ef86102f8a5e95f47b508bc5d7953dbaf3fce2e9
.reloc 0x4c000 0xc 512 e9f454ca335234c09ba1044df88af88d c3a8cf9730ce49d80e0809b3a874df4166f83d21
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x4a0a0 924 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4a43c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018 Merrill Lynch & Co. Inc.
Assembly Version: 0.0.0.0
InternalName: AVOYIN.exe
FileVersion: 8.3.7.2
CompanyName: Merrill Lynch & Co. Inc.
Comments: plupxhxjgjs
ProductName: Directory Listing handler
ProductVersion: 8.3.7.2
FileDescription: Directory Listing handler
Translation: 0x0000 0x04b0
OriginalFilename: AVOYIN.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
8.3.7.2
URL(s)
No URL found
String too long
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2018-03-26 22:28:00 2018-03-26 22:30:54 174

7 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.exe.config
C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.config
C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

Read Files


Write Files


Delete Files


Keys


Read Keys


Write Keys

HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\oparaaaboyooo.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-26 22:30:19

Detected family: #Ispy

TheSystem Itself @ 2018-03-26 22:48:02